![\"A](\"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-content\/uploads\/sites\/4\/2021\/12\/Cybersecurity.jpeg\")
<\/figure>\n<\/div>\nFor sponsors of employee benefit plans, which have a fiduciary responsibility to serve the best interests of their plan members, there are measures that should be taken to help protect against cyber threats. In fact, for the first time, the U.S. Department of Labor (DOL) announced new guidance for plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act (ERISA), as well as record keepers and participants. The guidance is broken down into three categories:<\/p>\n
- \n
- Tips for Hiring a Service Provider<\/li>\n
- Cybersecurity Best Practices<\/li>\n
- Online Security Tips<\/li>\n<\/ul>\n
It is important for plan sponsors and fiduciaries to become familiar with and follow the DOL\u2019s guidance.<\/p>\n
Tips for Hiring a Service Provider<\/h2>\n
The DOL recommends plan sponsors and fiduciaries make sure their plan administrators, record keepers and other service providers with access to plan records and participants\u2019 confidential data are following prudent cybersecurity practices and policies. To make this determination, it is important to ask for their information security standards, policies and practices, as well as their cyber audit results, which verify information security, system data availability, data processing integrity, and data confidentiality. Service providers should also be asked whether or not they have experienced a data breach and if so, what was involved and what was their incident response. It is also important to ascertain each service provider\u2019s cybersecurity insurance coverage.<\/p>\n
Cybersecurity Best Practices<\/h2>\n
In its cybersecurity guidance to plan sponsors and fiduciaries, the DOL recommends having a formal, documented cybersecurity program, which identifies and assesses internal and external cybersecurity risks, which may threaten the confidentiality, integrity and\/or access to stored nonpublic information. Best practices would encompass identifying potential risks; protecting all assets, data and systems; detecting and responding to cybersecurity events; recovering from the events; prompt disclosure of events, when appropriate; and returning to normal operations. Strong policies reflecting such components as data governance, access controls, systems operations, vulnerability and patch management, identity management, asset management, proper data disposal, data privacy, third party service provider and vendor management, and cybersecurity awareness training, among others, are essential. Also noted is the need for an annual risk assessment, third party audit of security, clearly defined and assigned information security roles and responsibilities, strong access control procedures, security reviews and independent security assessments of assets or data stored in a cloud or managed by a third party, and a business resiliency program encompassing business continuity, disaster recovery and incident response plans.<\/p>\n
Online Security Tips<\/h2>\n
The DOL\u2019s guidance to employee benefit plan sponsors and fiduciaries also included tips for online security. Among those noted were:<\/p>\n
- \n
- Register, set up and routinely monitor online accounts<\/li>\n
- Use strong and unique passwords<\/li>\n
- Use multi-factor authentication<\/li>\n
- Keep personal contact information current<\/li>\n
- Close or delete unused accounts<\/li>\n
- Be wary of free Wi-Fi<\/li>\n
- Beware of phishing attacks <\/li>\n
- Use antivirus software and keep apps and software current<\/li>\n
- Know how to report identity theft and cybersecurity incidents<\/li>\n<\/ul>\n
For complete information on the DOL\u2019s cybersecurity guidance to plan sponsors and fiduciaries, visit: https:\/\/www.dol.gov\/agencies\/ebsa\/key-topics\/retirement-benefits\/cybersecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Cyber threats are pervasive and the stakes keep getting higher. There are more breaches than ever and their costs and impacts have increased. A 2021 IBM and Ponemon Institute report stated that the average cost of a data breach among businesses surveyed has reached $4.24 million per incident in 2021, which is the highest in… Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts\/1961"}],"collection":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/comments?post=1961"}],"version-history":[{"count":3,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts\/1961\/revisions"}],"predecessor-version":[{"id":2213,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/posts\/1961\/revisions\/2213"}],"wp:attachment":[{"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/media?parent=1961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/categories?post=1961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amalgamatedbenefits.com\/amalgamated-employee-benefits-administrators\/wp-json\/wp\/v2\/tags?post=1961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}